module Security
  module Session
      #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      # Configure module is used by application controller
      #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
      module Configure
        protected 
          def session_expiry
            if session[:expiry_time] && session[:expiry_time] < Time.now
              reset_session
              session[:expiry_time] = Time.now + 20.minutes
              store_permissions
              session[:continue_on] = request.request_uri
              unless access_approved?(params[:controller], params[:action])
                redirect_to(login_url) 
                return
              end
            end
            session[:expiry_time] = Time.now + 20.minutes
          end

          #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          # assign user session object and related fields
          # storing ids instead of full objects to lessen session load
          #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
          def store_session_user(user)
            return if user.nil?
            session[:menu] = nil
            session[:user] = user.id
            name = user.first_name.dup
            name << " " << user.last_name
            session[:user_name] = name
            session[:user_role_id] = user.role_id
            ug = []
            user.user_group.each{|g| ug << g.id}
            session[:user_groups] = ug 
            session[:updater_id] = user.updater_id
            session[:allowed_urls] = user.allowed_urls
          end

          def store_permissions
            return unless session[:permissions].nil? || session[:permissions].empty?
            #load_permissions is defined in the secure_controller plugin as an
            #instance method
            load_permissions
          end

          def store_locations
            p = request.request_uri
            if request.method == :get
              session[:prevpage] = session[:thispage] || ''
              session[:thispage] = p
            end
          end
      end#configure sub module


      module Access

        #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        # user data session object access
        #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
        def user?
          !session[:user].nil?
        end
      
        def user_name
          session[:user_name]
        end

        def current_user
          return User.find(current_user_id)
        rescue ActiveRecord::RecordNotFound
          return nil
        end

        def current_user_id
          r = session[:user]
          return -1 if r.nil?
          r
        end

        def current_updater_id
          r = session[:updater_id]
          return -1 if r.nil?
          r
        end

        def current_user_role
          Role.find(current_user_role_id) if user?
        end

        def current_user_role_id
          r = session[:user_role_id]
          return -1 if r.nil?
          r
        end
        
        def current_user_has_access?(user_group_ids)
          return true if current_user_is_site_admin?
          return true if user_group_ids.nil? || user_group_ids.empty?
          if session[:user_groups]
            user_group_ids.each do |ugid|
              return true if session[:user_groups].include?(ugid)
            end
          end
          return false
        end

        #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        # user role tests
        #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        def current_user_is_site_admin?
          return current_user_role_id == Role::Id::ADMIN
        end

        def current_user_is_site_user?
          return current_user_role_id == Role::Id::USER
        end

        def current_user_can_manage_user_groups?
          controller.access_approved?("/manage/permissions", "list_user_groups")
        end

        def current_user_is_visitor?
          !user?
        end

        def current_user_can_manage_document_category?(id)
          return false unless session[:allowed_urls] && id
          session[:allowed_urls].each do |au|
            return true if (au[:controller] == "/manage/documents") && (au[:action] == "manage_files") && (au[:id].to_i == id.to_i)
          end
          return false
        end

      end #access sub module
  end#session module
end
